starlingx/openstack-armada-app
Code Issues Proposed changes
Files
3c33e176d0cdfe11389eb364b3aec9d898cab680
openstack-armada-app/openstack-helm-infra/debian/deb_folder/patches/0010-Remove-mariadb-tls.patch
jchialun 579edd9e42 Adapt MariaDB Galera cluster to IPv6 
This change updates the IPv6 config override values. It overrides
the bind_address and the gmcast listen_addrs values in IPv6
deployments.

Furthermore, the "mariabackup" method for taking the state snapshot
transfer from one node to another was crashing the multinode
deployment and was change to "rsync".

This also squashed patches 6 and 7 and renamed the following ones to
maintain the sequence number.

Test Plan:
[PASS] Build stx-openstack packages and tarball

IPV6 deployment (AIO-DX):
[PASS] MariaDB pods deployed
[FAIL] stx-openstack applied*

*Application apply will fail due to different issue with ovs-agent
IPv6 deployments. However, at that point MariaDB is already fully
deployed.

** Due to the lack of resources TLS was not tested.

IPV4 deployment (AIO-DX):
[PASS] MariaDB pods deployed
[PASS] stx-openstack applied

Closes-Bug: 2114768
Story: 2011387
Task: 52423

Change-Id: I9ae55f3800049bca0f8fed1392cd2e70ca3a0645
Signed-off-by: Johnny Chia <johnny.chialun@windriver.com>
2025-06-30 10:30:13 -05:00

192 lines
9.0 KiB
Diff
Raw Blame History

From 6fa2814271b7806aece4fb44f6d8eabe8c5ab6aa Mon Sep 17 00:00:00 2001
From: Lucas Cavalcante <lucasmedeiros.cavalcante@windriver.com>
Date: Tue, 8 Feb 2022 09:18:02 -0300
Subject: Remove mariadb tls
Change-Id: I37405da8faab3495ebe55c81389e0d769aaeb1d1
[ Upversioned openstack-helm-infra base commit to Caracal ]
Signed-off-by: Daniel Caires <DanielMarques.Caires@windriver.com>
---
.../templates/manifests/_job-db-drop-mysql.tpl | 7 -------
.../templates/manifests/_job-db-init-mysql.tpl | 7 -------
helm-toolkit/templates/manifests/_job-db-sync.tpl | 3 ---
helm-toolkit/templates/scripts/_db-drop.py.tpl | 11 ++---------
helm-toolkit/templates/scripts/_db-init.py.tpl | 14 ++++----------
5 files changed, 6 insertions(+), 36 deletions(-)
diff --git a/helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl b/helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl
index 2b7ff2cd..5e31a04d 100644
--- a/helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl
+++ b/helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl
@@ -37,7 +37,6 @@ limitations under the License.
{{- $backoffLimit := index . "backoffLimit" | default "1000" -}}
{{- $activeDeadlineSeconds := index . "activeDeadlineSeconds" -}}
{{- $serviceNamePretty := $serviceName | replace "_" "-" -}}
-{{- $dbAdminTlsSecret := index . "dbAdminTlsSecret" | default "" -}}
{{- $serviceAccountName := printf "%s-%s" $serviceNamePretty "db-drop" }}
{{ tuple $envAll "db_drop" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
@@ -135,9 +134,6 @@ spec:
subPath: {{ base $dbToDrop.logConfigFile | quote }}
readOnly: true
{{- end }}
-{{- if $envAll.Values.manifests.certificates }}
-{{- dict "enabled" $envAll.Values.manifests.certificates "name" $dbAdminTlsSecret "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
-{{- end }}
{{- end }}
volumes:
- name: pod-tmp
@@ -152,9 +148,6 @@ spec:
name: {{ $configMapBin | quote }}
defaultMode: 0555
{{- end }}
-{{- if $envAll.Values.manifests.certificates }}
-{{- dict "enabled" $envAll.Values.manifests.certificates "name" $dbAdminTlsSecret | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
-{{- end }}
{{- $local := dict "configMapBinFirst" true -}}
{{- range $key1, $dbToDrop := $dbsToDrop }}
{{- $dbToDropType := default "oslo" $dbToDrop.inputType }}
diff --git a/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl b/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl
index b8a1dce3..ff5d54ba 100644
--- a/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl
+++ b/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl
@@ -37,7 +37,6 @@ limitations under the License.
{{- $backoffLimit := index . "backoffLimit" | default "1000" -}}
{{- $activeDeadlineSeconds := index . "activeDeadlineSeconds" -}}
{{- $serviceNamePretty := $serviceName | replace "_" "-" -}}
-{{- $dbAdminTlsSecret := index . "dbAdminTlsSecret" | default "" -}}
{{- $serviceAccountName := printf "%s-%s" $serviceNamePretty "db-init" }}
{{ tuple $envAll "db_init" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
@@ -134,9 +133,6 @@ spec:
subPath: {{ base $dbToInit.logConfigFile | quote }}
readOnly: true
{{- end }}
-{{- if $envAll.Values.manifests.certificates }}
-{{- dict "enabled" $envAll.Values.manifests.certificates "name" $dbAdminTlsSecret "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
-{{- end }}
{{- end }}
volumes:
- name: pod-tmp
@@ -151,9 +147,6 @@ spec:
name: {{ $configMapBin | quote }}
defaultMode: 0555
{{- end }}
-{{- if $envAll.Values.manifests.certificates }}
-{{- dict "enabled" $envAll.Values.manifests.certificates "name" $dbAdminTlsSecret | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
-{{- end }}
{{- $local := dict "configMapBinFirst" true -}}
{{- range $key1, $dbToInit := $dbsToInit }}
{{- $dbToInitType := default "oslo" $dbToInit.inputType }}
diff --git a/helm-toolkit/templates/manifests/_job-db-sync.tpl b/helm-toolkit/templates/manifests/_job-db-sync.tpl
index 4696c88f..364a7fe8 100644
--- a/helm-toolkit/templates/manifests/_job-db-sync.tpl
+++ b/helm-toolkit/templates/manifests/_job-db-sync.tpl
@@ -34,7 +34,6 @@ limitations under the License.
{{- $backoffLimit := index . "backoffLimit" | default "1000" -}}
{{- $activeDeadlineSeconds := index . "activeDeadlineSeconds" -}}
{{- $serviceNamePretty := $serviceName | replace "_" "-" -}}
-{{- $dbAdminTlsSecret := index . "dbAdminTlsSecret" | default "" -}}
{{- $serviceAccountName := printf "%s-%s" $serviceNamePretty "db-sync" }}
{{ tuple $envAll "db_sync" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
@@ -108,7 +107,6 @@ spec:
mountPath: {{ $dbToSync.logConfigFile | quote }}
subPath: {{ base $dbToSync.logConfigFile | quote }}
readOnly: true
-{{- dict "enabled" $envAll.Values.manifests.certificates "name" $dbAdminTlsSecret "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{- if $podVolMounts }}
{{ $podVolMounts | toYaml | indent 12 }}
{{- end }}
@@ -131,7 +129,6 @@ spec:
secret:
secretName: {{ $configMapEtc | quote }}
defaultMode: 0444
-{{- dict "enabled" $envAll.Values.manifests.certificates "name" $dbAdminTlsSecret | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{- if $podVols }}
{{ $podVols | toYaml | indent 8 }}
{{- end }}
diff --git a/helm-toolkit/templates/scripts/_db-drop.py.tpl b/helm-toolkit/templates/scripts/_db-drop.py.tpl
index 1e28da9c..86464714 100644
--- a/helm-toolkit/templates/scripts/_db-drop.py.tpl
+++ b/helm-toolkit/templates/scripts/_db-drop.py.tpl
@@ -54,13 +54,6 @@ else:
logger.critical('environment variable ROOT_DB_CONNECTION not set')
sys.exit(1)
-mysql_x509 = os.getenv('MARIADB_X509', "")
-ssl_args = {}
-if mysql_x509:
- ssl_args = {'ssl': {'ca': '/etc/mysql/certs/ca.crt',
- 'key': '/etc/mysql/certs/tls.key',
- 'cert': '/etc/mysql/certs/tls.crt'}}
-
# Get the connection string for the service db
if "OPENSTACK_CONFIG_FILE" in os.environ:
os_conf = os.environ['OPENSTACK_CONFIG_FILE']
@@ -101,7 +94,7 @@ try:
host = root_engine_full.url.host
port = root_engine_full.url.port
root_engine_url = ''.join([drivername, '://', root_user, ':', root_password, '@', host, ':', str (port)])
- root_engine = create_engine(root_engine_url, connect_args=ssl_args)
+ root_engine = create_engine(root_engine_url)
connection = root_engine.connect()
connection.close()
logger.info("Tested connection to DB @ {0}:{1} as {2}".format(
@@ -112,7 +105,7 @@ except:
# User DB engine
try:
- user_engine = create_engine(user_db_conn, connect_args=ssl_args)
+ user_engine = create_engine(user_db_conn)
# Get our user data out of the user_engine
database = user_engine.url.database
user = user_engine.url.username
diff --git a/helm-toolkit/templates/scripts/_db-init.py.tpl b/helm-toolkit/templates/scripts/_db-init.py.tpl
index 110cd98e..60b1c5a3 100644
--- a/helm-toolkit/templates/scripts/_db-init.py.tpl
+++ b/helm-toolkit/templates/scripts/_db-init.py.tpl
@@ -54,12 +54,6 @@ else:
logger.critical('environment variable ROOT_DB_CONNECTION not set')
sys.exit(1)
-mysql_x509 = os.getenv('MARIADB_X509', "")
-ssl_args = {}
-if mysql_x509:
- ssl_args = {'ssl': {'ca': '/etc/mysql/certs/ca.crt',
- 'key': '/etc/mysql/certs/tls.key',
- 'cert': '/etc/mysql/certs/tls.crt'}}
# Get the connection string for the service db
if "OPENSTACK_CONFIG_FILE" in os.environ:
@@ -101,7 +95,7 @@ try:
host = root_engine_full.url.host
port = root_engine_full.url.port
root_engine_url = ''.join([drivername, '://', root_user, ':', root_password, '@', host, ':', str (port)])
- root_engine = create_engine(root_engine_url, connect_args=ssl_args)
+ root_engine = create_engine(root_engine_url)
connection = root_engine.connect()
connection.close()
logger.info("Tested connection to DB @ {0}:{1} as {2}".format(
@@ -112,7 +106,7 @@ except:
# User DB engine
try:
- user_engine = create_engine(user_db_conn, connect_args=ssl_args)
+ user_engine = create_engine(user_db_conn)
# Get our user data out of the user_engine
database = user_engine.url.database
user = user_engine.url.username
@@ -139,8 +133,8 @@ except:
try:
with root_engine.connect() as connection:
connection.execute(
- "CREATE USER IF NOT EXISTS \'{0}\'@\'%%\' IDENTIFIED BY \'{1}\' {2}".format(
- user, password, mysql_x509))
+ "CREATE USER IF NOT EXISTS \'{0}\'@\'%%\' IDENTIFIED BY \'{1}\'".format(
+ user, password))
connection.execute(
"GRANT ALL ON `{0}`.* TO \'{1}\'@\'%%\'".format(database, user))
try:
--
2.34.1
View Git Blame Copy Permalink